@
Updating the List of Enabled Ciphers
https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/html/administration_guide/enabling_tls#idm140548437003312
exec
dsconf -D "cn=Directory Manager" testinst security ciphers set "-all,+TLS_CHACHA20_POLY1305_SHA256,+TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"
returns
usage: dsconf instance security ciphers set [-h] cipher-string
dsconf instance security ciphers set: error: the following arguments are required: cipher-string
checking
dsconf instance security ciphers set -h
usage: dsconf instance security ciphers set [-h] cipher-string
Use this command to directly set nsSSL3Ciphers attribute. It is a comma separated list of cipher names (prefixed with + or
-), optionally including +all or -all. The attribute may optionally be prefixed by keyword default. Please refer to
documentation of the attribute for a more detailed description.
positional arguments:
cipher-string
optional arguments:
-h, --help show this help message and exit
re-attempt rm'in "-all"
dsconf -D "cn=Directory Manager" testinst security ciphers set "+TLS_CHACHA20_POLY1305_SHA256,+TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"
Remeber to restart the server to apply the new cipher set.
(^^^^ fyi, typo)
Some ciphers may be disabled anyway due to allowWeakCipher attribute.
but, here
grep -i weak /etc/dirsrv/slapd-testinst/dse.ldif
allowWeakCipher: off
allowWeakDHParam: off
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
No comments:
Post a Comment